The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit - P40: Congratulations on your journey to become certified in SQL Server 2008. This book will help prepare you for your exam and give you a practical view of working with SQL Server 2008.

Chapter 5: Managing Data Encryption (p. 177)

based-security modules to interface with SQL Server to externally manage the encryption keys as well as enable encryption and decryption.

Test Day Tip

Understand that TDE is not a form of access control. If someone has permission to access the database, TDE will not prevent them from accessing the data. Note that they do not need permission to the DEK or a password.

Database Encryption Keys

Note that there are a number of encryption algorithms you may choose from when you create the DEK. Not all operating systems support all types of encryption, so be sure you select an encryption scheme that is supported by the operating system you'll be using. The algorithms supported by SQL Server are:

    WITH ALGORITHM = { AES_128 | AES_192 | AES_256 | TRIPLE_DES_3KEY }

Best Practices for Managing Database Keys

Managing SQL Server keys consists of creating, deleting, and modifying database keys, as well as backing up and restoring database keys. To manage symmetric keys, you can use the tools included in SQL Server to do the following:

- Back up a copy of the server and database keys so that you can use them in the event a server needs to be reinstalled or for a planned migration.
- Restore a previously saved key to a database on a new server instance. This enables a new server instance to access existing data that it did not originally encrypt.
- Re-create keys and re-encrypt data in the unlikely event that the key is compromised. As a security best practice, you should re-create the keys periodically to protect the server from attacks that try to decipher the keys.
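The key-management tasks above (create the DEK with a chosen algorithm, back up the keys, re-create the key, restore on a new instance), as an added T-SQL example that is not from the book. The database name SalesDb, the certificate name TdeCert, the D:\KeyBackup paths and all passwords are placeholders.

```sql
-- Added example: all object names, file paths and passwords are placeholders.
-- Steps 1-5 run on the source instance; step 6 runs on the target instance.
USE master;
GO
-- 1. Key hierarchy: database master key in master, then a certificate to protect the DEK.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-1>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for SalesDb';
GO
-- 2. Back up the keys before enabling encryption. Without the certificate and
--    its private key, the encrypted database cannot be restored elsewhere.
BACKUP SERVICE MASTER KEY TO FILE = 'D:\KeyBackup\smk.bak'
    ENCRYPTION BY PASSWORD = '<strong-password-2>';
BACKUP MASTER KEY TO FILE = 'D:\KeyBackup\master_dmk.bak'
    ENCRYPTION BY PASSWORD = '<strong-password-3>';
BACKUP CERTIFICATE TdeCert TO FILE = 'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackup\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = '<strong-password-4>');
GO
-- 3. Create the DEK with one of the supported algorithms and turn TDE on.
USE SalesDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO
-- 4. Check progress: encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name, encryption_state,
       key_algorithm, key_length, percent_complete
FROM sys.dm_database_encryption_keys;
GO
-- 5. Periodic re-creation: regenerate the DEK once encryption_state is 3.
--    Must be run in the context of the encrypted database (still SalesDb here).
ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;
GO
-- 6. On the NEW instance: restore the certificate into master before restoring
--    or attaching SalesDb (the new instance needs its own master key first).
USE master;
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-5>';
CREATE CERTIFICATE TdeCert FROM FILE = 'D:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackup\TdeCert.pvk',
                      DECRYPTION BY PASSWORD = '<strong-password-4>');
GO
```

Store the key backup files and their passwords separately from the database backups, since anyone holding both can restore and read the encrypted database.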
Cell- and Column-Level Encryption

Introduced in SQL Server 2005, cell-level encryption provides developers with a granular level of encryption for applications that have specific data security requirements. While this gives application developers much flexibility, it has additional performance and space costs. First of all cell- and column-level encryption .